What Keeps IT Professionals Up at Night

By Brian Czarny

Webroot recently surveyed more than 300 email and Web security professionals about email management, compliance, archiving, encryption, spam, viruses, Web filtering and Web-based malware attacks. Our research shows that security practices and risk perceptions have evolved over the last year – the top three security concerns are email threat protection, data security/confidentiality and Web threat protection. Other highlights of the survey include:

Security professionals are clearly worried about insufficient resources for Web security– a potential result of the economic downturn.

The large number of organizations that were required to retrieve email for legal or compliance reasons within the last year indicates that email archiving services are becoming increasingly important.

Most companies experienced some type of negative impact due to Web-based threats over the last 12 months, ranging from server outages and disrupted business activities to compromised data or transactions.

23% of survey respondents experienced a data breach – which cost between $10,000 and $1 million:

Just two weeks ago, Heartland Payment Systems disclosed that intruders hacked into the computers it uses to process 100 million payment card transactions per month for 175,000 merchants in one of the largest breaches on record. This past April, the Virginia Department of Health Professions learned that its Prescription Monitoring Program (PMP) computer system had been accessed by an unauthorized user – who then demanded $10 million to return over 8 million patient records and 35 million prescriptions.

As previously reported on this blog, Web threats are growing at a rapid pace in both volume and sophistication – fueled by the financial motivation of cybercriminals. Our research also showed that email threats were the top concern of IT professionals – but while email protection is important, the new vector of attack is the Web – and only 15% of organizations reported having Web security measures in place while 85% of new malware originates via the Web.

Our mission is to protect organizations from these types of threats – in real time and ahead of the ever-evolving malware landscape. That’s why we’re very excited about the new releases for our Web and Email Security Services. The releases add new features that help organizations stay ahead of the latest Web threats, monitor and control employee Internet use, and secure sensitive information in email communications.

Our Web Security Service employs unique, real time techniques to detect and defend against the newest phishing attacks and exploits before blacklists and signatures are available. It also offers “safe search” settings to enforce the exclusion of inappropriate images from search results across the major search sites (Google, Yahoo!, etc.). New quota-driven policies for time spent surfing, bandwidth used, and number of sites visited make it easier for administrators to monitor and control employee Internet usage. And we’ve further expanded the number of reports available to give you increased visibility into how employees spend their time online – particularly useful for monitoring use of social networking sites and other Web 2.0 applications during business hours.

In our Email Security Service, we’ve introduced a range of new usability enhancements designed to make deployment and management of the services even easier, and launched a new add-on service called the Webroot Email Encryption Service. The new Email Encryption Service is an important tool to help ensure the security of confidential information transmitted via email, expand organizational privacy controls and comply with a range of Federal and state legislation that mandate the protection of personally identifiable information and other sensitive content.

The encryption service expands our outbound content filtering capabilities to allow administrators to configure policies that automatically encrypt email messages when a rule is triggered. Employees can either designate messages to be encrypted if they contain confidential information – such as financial information, legal documents, etc. – or the service can automatically encrypt messages if they contain specific content – such as Social Security Numbers, Credit Card details or other sensitive data.

We take our company tag line, “The Best Security in an Unsecured World” seriously at Webroot, and the newest releases of our Web and Email Security Services continue to raise the bar – check them out. We think you’ll agree.